Martin Konold wrote:
On Thursday, 17 August 2006 18:53, Gerd v. Egidy wrote:

Hi Gerd,


didn't expect to read from you, thought you were on vacation ;)


Well,... in the meantime (actually yesterday) I returned from vacations.


How can you imagine abuse which needs to be prevented?

I think Ken worries about annotations that are used to control server
behavior. Currently e.g. squatter and cyr_expire can be controlled through
annotations.

In some environments it may make sense to limit access to these kinds of
knobs, at least for some users.


Thanks for enlightening me!

I think we need three kinds of annotations. Each kind has different purposes and different quota accounting rules and different ACL sets are required.

1. server annotations
- only system administration can control server annotation
- not necessarily set via imap but e.g. configuration files
- typically only root can write and everyone can read the server annotations
- no quota or content limitations/restrictions are required as content is ro for imap users anyway

2. system annotations for folders
- stuff like controlling annotations for server-side features like the above-mentioned squatter and cyr_expire services.
- space required shall not be accounted for when calculating the quota for a user's mailbox/account
- possible content is strictly defined at compile time
- Access control is not determined by the folder's ACLs

3. user annotations for folders
- generic metadata useful for some applications. This includes stuff required for special-purpose servers like Kolab (e.g. folder-type, freebusy relevance etc.) and more generic information like folder creation time/date.
- namespace is predefined and allows for arbitrary local extensions within a subtree
- space used shall be considered for calculating the quota
- possible content is arbitrary and subject to the same ACLs as the folder itself

After a quick read of the above, I think you're correct. Do you have a proposed framework for implementing and enforcing the above?


--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
